I've found another chunk, but looking at the pihole.log seems normal until you see the corresponding query log that doesn't match at all. Here is another instance (I'm not sure how to grep a range of time and what good it would do without the query log):
Edit: the queries in the query log are extremely similar to the previous instance. I've run MalwareBytes, CCleaner, and our AV scanner on 10.139.12.100 with nothing out of the ordinary popping up.
[] is the response if there is (a) no data at all (unlikely) or (b) if you are not authorized to get this data. You have to be logged into your Pi-hole dashboard and you will get the data only in the very same browser. Even on the same computer, curl is not authorized to get the data and hence will still see [].
You are correct. I logged into the PiHole dashboard, opened another tab with the api.php URL and it did indeed pull the information. So, how can I pass credentials for the api.php with curl on the PiHole?
I tried curl -u pi:[password] but that still got me []. Isn't that the username that is passed on the dashboard?
Yes, it uploaded partially. We apply a certain (not too high) limit on the amount of data users can put to our Tricorder server to protect ourselves from a few possible attack vectors. Hence, your data was cut off at some point and this is how curl reacted to this.
I'll now look at your data. Can you please also send a screenshot of your Query Log (possibly the last or second to last page you can see)?
Okay, sorry, I should have been clearer on this. The uploaded data is, unfortunately, not sufficient for seeing data from today.
One other odd thing is, though, that your screenshot shows a domain e3843.g.akamaiedge.net which does not seem to exist in either of your uploaded files (pihole.log / pihole.log.1). It is possible that it was cut off during upload.
Okay, the problem so far was just that you grepped for the wrong time in the log. The time zone of your Pi-hole device is not correctly set up (or at least it is not the same as your local time zone). Hence, it logged the queries at 05:54:08 of its time which the Pi-hole dashboard (correctly) translated into 00:54:08 in your local time.
We can now delete the last 30 posts in the thread and return to the initial problem.
Has that ever happened since then? Do you have, by any chance, the log data of this day (August 10) still available?
(it may be /var/log/pihole.log.2.gz or some other compressed archive file by now)
Back to the matter at hand... I tried to sudo cat /var/log/pihole.log.2.gz | grep "11:40" and got no results. I tried without grep: sudo cat /var/log/pihole.log.2.gz and the output was absolutely haywire. The bash went psycho and then ended up printing "PuTTyPuTTyPuTTy" over and over again in the prompt, so I closed out. Can you help me out with a command to handle this .gz file?
I really enjoyed a laugh when reading the rest of your post. The file has been compressed, so we cannot expect readable output. Try using zgrep for compressed files.
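An added example (not from the thread or from the Pi-hole project) combining the two fixes discussed above: shift the dashboard time by the device's clock offset, then search the live and rotated logs with zgrep. The function names are hypothetical, the log lines are constructed, and the 5-hour offset is taken from the 05:54:08 / 00:54:08 pair mentioned above.

```sh
#!/bin/sh
# Added example: function names are hypothetical; log lines are constructed.

# Convert a dashboard (local) HH:MM:SS into the time the Pi-hole device wrote
# to its log. $2 = hours the device clock is ahead of local time (may be < 0).
# Only the clock time is shifted; a date rollover must be handled by the caller.
to_log_time() (
    h=${1%%:*}; rest=${1#*:}
    h=${h#0}; h=${h:-0}          # drop a leading zero so 08/09 are not octal
    h=$(( (h + $2 % 24 + 24) % 24 ))
    printf '%02d:%s\n' "$h" "$rest"
)

# Search the live log and all rotated copies for a literal string.
# zgrep reads plain and gzip-compressed files alike, so piping a .gz through
# cat | grep (which only sees binary noise) is never needed.
search_logs() {
    zgrep -h -F "$2" "$1"/pihole.log*
}

# Build constructed sample logs: live, rotated, and rotated + compressed.
make_sample_logs() {
    printf '%s\n' \
        'Aug 12 05:54:08 dnsmasq[812]: query[A] e3843.g.akamaiedge.net from 10.139.12.100' \
        'Aug 12 05:54:08 dnsmasq[812]: forwarded e3843.g.akamaiedge.net to 192.0.2.53' \
        > "$1/pihole.log"
    printf '%s\n' \
        'Aug 11 09:15:30 dnsmasq[812]: query[A] example.org from 10.139.12.100' \
        > "$1/pihole.log.1"
    printf '%s\n' \
        'Aug 10 11:40:02 dnsmasq[812]: query[A] ads.example.net from 10.139.12.100' \
        'Aug 10 11:40:02 dnsmasq[812]: forwarded ads.example.net to 192.0.2.53' \
        'Aug 10 11:41:17 dnsmasq[812]: query[A] example.com from 10.139.12.100' \
        > "$1/pihole.log.2"
    gzip "$1/pihole.log.2"       # leaves only pihole.log.2.gz, as logrotate would
}

# Demo: the dashboard showed 00:54:08 local; the device clock is 5 hours ahead.
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
echo "Dashboard 00:54:08 -> log time $(to_log_time 00:54:08 5)"
search_logs "$demo_dir" "$(to_log_time 00:54:08 5)"
echo "Entries from the compressed Aug 10 log at 11:40:"
search_logs "$demo_dir" "11:40"
rm -rf "$demo_dir"
```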
So to be clear, this is relevant to the very first post on the thread. Remember, the first picture is the Query Log with Show All, searching for the phrase "ad" and sorted by URL. This screenshot does seem to show forwarding the query, though.